trivy scan result on gatling-operator-v0.5.1 (before the fix)
trivy image --ignore-unfixed --severity HIGH,CRITICAL gatling-operator:v0.5.1
2022-03-30T13:25:51.654+0900 INFO Detected OS: debian
2022-03-30T13:25:51.655+0900 INFO Detecting Debian vulnerabilities...
2022-03-30T13:25:51.656+0900 INFO Number of language-specific files: 1
2022-03-30T13:25:51.656+0900 INFO Detecting gobinary vulnerabilities...
gatling-operator:v0.5.1 (debian 11.3)
=====================================
Total: 0 (HIGH: 0, CRITICAL: 0)
manager (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| github.com/gogo/protobuf | CVE-2021-3121 | HIGH | v1.3.1 | 1.3.2 | gogo/protobuf: |
| | | | | | plugin/unmarshal/unmarshal.go |
| | | | | | lacks certain index validation |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3121 |
+--------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
trivy scan result on gatling-operator-v0.5.5 (after the fix)
trivy image --ignore-unfixed --severity HIGH,CRITICAL gatling-operator:v0.5.2
2022-03-30T13:55:50.179+0900 INFO Detected OS: debian
2022-03-30T13:55:50.179+0900 INFO Detecting Debian vulnerabilities...
2022-03-30T13:55:50.181+0900 INFO Number of language-specific files: 1
2022-03-30T13:55:50.181+0900 INFO Detecting gobinary vulnerabilities...
gatling-operator:v0.5.2 (debian 11.3)
=====================================
Total: 0 (HIGH: 0, CRITICAL: 0)
manager (gobinary)
==================
Total: 0 (HIGH: 0, CRITICAL: 0)
Running test
I confirmed that the gatling operator runs as expected throughout gatling load-testing.
Here is the test procedure:
# create kind cluster
make kind-deploy
# deploy gatling operator-v0.5.2 to kind cluster
make kind-deploy
# deploy sample gatling CR to the cluster
make kind-sample-deploy
Description
To fix a security issue
https://github.com/st-tech/gatling-operator/security/dependabot/1
Test
Trivy vul scan results comparison